Hardware Encryption on WL-500gP / WL-500gD / WL-700gE

[Omega]

Èäåÿ çàìå÷òàòåëüíàÿ, íî â íîâûõ ëèíåéêàõ ðîóòåðîâ N series è Dual-Band N series ñëó÷àéíî íå ïîïàäàþòñÿ íè Secured Switch-ïðîöåññîðû
íàïîäîáèå BCM5365, íè SoC-ïðîöåññîðû ñ êðèïòî-ôóíêöèÿìè êàê â BCM94704, èëè î íàëè÷èè òàêèõ ôóíêöèé ïîêà íå äîãàäûâàþòñÿ
Çíà÷èò, ðå÷ü ìîæåò èäòè òîëüêî îá àêñåëåðàöèè êðèïòî-ôóíêöèé â ñòàðåíüêèõ ðîóòåðàõ wl-x00g ñî ñòàðûì Broadcom SDK.
Íå çà ãîðàìè ïåðåõîä íà íîâûé SDK, â êîòîðîì ïîääåðæêè ýòèõ ðîóòåðîâ óæå íå áóäåò.

Sentry5™ Secured Switch Processor - BCM5365/5365P & AirForce Wireless Network Processor - BCM94704

Åñòü åù¸ è òàêîé: Single-Core Control Plane Processor - BCM5836P Programmer’s Guide/Data Sheet/PCI

For advanced security, the BCM5836P integrates an on-chip IPSec acceleration engine that can deliver up to 75 Mbps of single-pass AES/3DES encryption throughput
and supports a broad range of industry-standard security features such as symmetric-key encryption and authentication algorithms including the latest 256-bit Advanced
Encryption Standard (AES), Digital Encryption Standard (DES), 3DES, SHA-1, MD5, HMAC-SHA1, and HMAC-MD5. These features make this processor an obvious choice
for SOHO/SMB networking customers who need both high bandwidth performance and advanced security features such as encryption and user authentication.

â DIR-330 USB-1.1

Òîãäà äåéñòâèòåëüíî âîïðîñ îòïàäàåò.
BCM5836 = BCM4704 with additionl components - USB 2.0 core

Òàì èñïîëüçóåòñÿ hardware crypto acceleration for IPSec, íî íóæíà ïîääåðæêà ýòîãî äåëà â ïðîøèâêå.

D-Link DIR-330

CPU : Broadcom BCM5836PKPBG (264MHz)
Flash : Spansion S29GL064A (8Mb)
RAM : 2x16Mbytes
Switch : BCM5325e
Wi-Fi : BCM4318
Serial : yes
USB : yes
JTAG : yes

http://wl500g.info/showthread.php?18...D-Link-DIR-330

BCM5801/BCM5805/BCM5820 Security Processor Software Reference Library http://www.broadcom.com/products/acc...0-SRL101-R.pdf

BCM5801/BCM5805/BCM5820 Software Reference Library: http://www.broadcom.com/collateral/s...0-SRL101-R.pdf

[ryzhov_al]

Sentry5™ Secured Switch Processor - BCM5365/5365P & AirForce Wireless Network Processor - BCM94704

Åñòü åù¸ è òàêîé: Single-Core Control Plane Processor - BCM5836P Programmer’s Guide/Data Sheet/PCI

Îê, äàâàé ïîñìîòðèì ãäå ýòè ÷èïû âñòðå÷àþòñÿ:

• SoC-êàìåíü BCM94704: 8 ðîóòåðîâ, âêëþ÷àÿ äâà Àçóñà WL-500gpv1, WL-500W,
• êðèïòîñâèò÷ BCM5365: 2 ðîóòåðà, âêëþ÷àÿ îäèí Àçóñ WL-500g Deluxe.

Âñ¸ ýòî - äåâàéñû ñòàðîé ãâàðäèè. Áîþñü, ïîñëå òîãî êàê áóäåò çàêîí÷åí ïåðååçä íà íîâûé Broadcom SDK, ýòè ðîóòåðû îñòàíóòñÿ çà áîðòîì. Çà÷åì êîðÿ÷èòüñÿ-òî?
Ìíå êàæåòñÿ, ÷òî çà ïîääåðæêó àêñåëåðàöèè êðèïòî-ôóíêöèé âîçüì¸òñÿ òîò, êòî òåïëî îòíîñèòñÿ ê ýòèì íåêîãäà êóëüòîâûì æåëåçàêàì. Êàê óâ.òîâ.Vampik, íå ïîçâîëÿþùèé óéòè â íåáûòèå DIR-320.

[staticroute]

Îê, äàâàé ïîñìîòðèì ãäå ýòè ÷èïû âñòðå÷àþòñÿ:

• SoC-êàìåíü BCM94704: 8 ðîóòåðîâ, âêëþ÷àÿ äâà Àçóñà WL-500gpv1, WL-500W,
• êðèïòîñâèò÷ BCM5365: 2 ðîóòåðà, âêëþ÷àÿ îäèí Àçóñ WL-500g Deluxe.

Âñ¸ ýòî - äåâàéñû ñòàðîé ãâàðäèè. Áîþñü, ïîñëå òîãî êàê áóäåò çàêîí÷åí ïåðååçä íà íîâûé Broadcom SDK, ýòè ðîóòåðû îñòàíóòñÿ çà áîðòîì. Çà÷åì êîðÿ÷èòüñÿ-òî?
Ìíå êàæåòñÿ, ÷òî çà ïîääåðæêó àêñåëåðàöèè êðèïòî-ôóíêöèé âîçüì¸òñÿ òîò, êòî òåïëî îòíîñèòñÿ ê ýòèì íåêîãäà êóëüòîâûì æåëåçàêàì. Êàê óâ.òîâ.Vampik, íå ïîçâîëÿþùèé óéòè â íåáûòèå DIR-320.

Åñëè òàê ðàññóæäàòü, ìîæíî âîîáùå íè÷åãî íå äåëàòü.  ïðèíöèïå ñàì äðàéâåð óæå åñòü, òàêæå åñòü ïàêåòû âðîäå áû â OpenWRT ñ ïîääåðæêîé ýòèõ øòóê, íàäî òîëüêî ñäåëàòü ñîîòâåòñòâóþùèå ïàêåòû è âêëþ÷èòü ïîääåðæêó äðàéâåðà îïöèîíàëüíî â ïðîøèâêó.

[ryzhov_al]

Åñëè òàê ðàññóæäàòü, ìîæíî âîîáùå íè÷åãî íå äåëàòü.
...íàäî òîëüêî ñäåëàòü ñîîòâåòñòâóþùèå ïàêåòû è âêëþ÷èòü ïîääåðæêó äðàéâåðà îïöèîíàëüíî â ïðîøèâêó.

ß íå èìåë â âèäó òî, ÷òî ýòî íàôèã íèêîìó íå íóæíî. ß ãîâîðèë î òîì, ÷òî âðÿä ëè ñòîèò òðàòèòü óñèëèÿ íà òå ðîóòåðû, êîòîðûå â íîâîì Broadcom SDK íå áóäóò ïîääåðæèâàòüñÿ.

Ïåðåõîä íà íîâûé SDK âî âñþ èä¸ò, íî íà íîâûõ ðîóòåðàõ íè÷åãî íå ñëûøíî ïðî àêñåëåðàöèþ êðèïòî-ôóíêöèé. Ïîýòîìó çà ïîääåðæêó ýòîé ôè÷è ñêîðåå âîçüì¸òñÿ êòî-òî çàèíòåðåñîâàííûé, à íå êîìàíäà ýíòóçèàñòîâ.

[ryzhov_al]

 ìýéë-ëèñòå OpenWrt-Devel ïðîáåãàë èíòåðåñíûé ïàò÷, óñêîðÿþùèé ñ ïîìîùüþ àññåìáëåðíîé âñòàâêè ðàáîòó OpenSSL:

On a lightly loaded 24Kc, as measured by 'openssl speed sha1', shows between 27% and 120% speedup depending on block size. SHA1 is notably used in Transmission for piece verification.

Ïðåäëîæèë ïàò÷ Àíäðåþ, ðåçóëüòàòû âïå÷àòëÿþò:

ñêîðîñòü ðå÷åêèíãà 9.15 ÃÁ òîððåíòà çàíèìàåò 15 ìèíóò. Íî ýòî ñ NTFS ðàçäåëà ÷åðåç ufsd 8.6.

Êòî çàèíòåðåñîâàí, ìîæåòå â Entware çàìåðèòü ñêîðîñòü ðàáîòû OpenSSL âñòðîåííûì áåí÷ìàðêîì è/èëè îöåíèòü ñêîðîñòü ðàáîòû çàâÿçàííîãî íà OpenSSL ñîôòà: òîððåíòîêà÷àëêè, VPN'û è ïð. Ïîñëå î÷åðåäíîãî åæåìåñÿ÷íîãî îáíîâëåíèÿ (â òå÷åíèå ýòîé íåäåëè) ïîñìîòðèì ýôôåêò îò ýòîãî ïàò÷à.

[ryzhov_al]

 ïðîäîëæåíèå ðàçãîâîðà. Ïðîâåðèë ïî âñòðîåííûì áåí÷ìàðêàì OpenSSL ïðèðîñò ñêîðîñòè. Î÷åíü äàæå:

Òåñò	MD5	SHA-1	SHA-256	SHA-512	DES	3DES	AES-128	AES-192	AES-256	RSA Sign	RSA Verify	DSA Sign	DSA Verify
Ïðèðîñò ñêîðîñòè	2%	89%	43%	1%	0%	0%	0%	0%	0%	81%	90%	90%	90%

Âñå òåñòû ïîâòîðÿë òðèæäû, çàòåì àðèôìåòè÷åñêè óñðåäíÿë çíà÷åíèÿ. Íàïîìíþ, èìåííî SHA1 èñïîëüçóåòñÿ, íàïðèìåð, òîððåíò-êëèåíòàìè ïðè ñâåðêå õýøåé òîððåíò-êîíòåíòà.
Îáíîâë¸ííàÿ OpenSSL äîñòóïíà â ðåïîçèòîðèè Entware.

[staticroute]

 ïðîäîëæåíèå ðàçãîâîðà. Ïðîâåðèë ïî âñòðîåííûì áåí÷ìàðêàì OpenSSL ïðèðîñò ñêîðîñòè. Î÷åíü äàæå:

Òåñò	MD5	SHA-1	SHA-256	SHA-512	DES	3DES	AES-128	AES-192	AES-256	RSA Sign	RSA Verify	DSA Sign	DSA Verify
Ïðèðîñò ñêîðîñòè	2%	89%	43%	1%	0%	0%	0%	0%	0%	81%	90%	90%	90%

Âñå òåñòû ïîâòîðÿë òðèæäû, çàòåì àðèôìåòè÷åñêè óñðåäíÿë çíà÷åíèÿ. Íàïîìíþ, èìåííî SHA1 èñïîëüçóåòñÿ, íàïðèìåð, òîððåíò-êëèåíòàìè ïðè ñâåðêå õýøåé òîððåíò-êîíòåíòà.
Îáíîâë¸ííàÿ OpenSSL äîñòóïíà â ðåïîçèòîðèè Entware.

Ìîæåòå ïåðåñîáðàòü OpenVPN ñ ïîääåðæêîé íîâîãî OpenSSL? (èëè óæå ñîáðàí?)